package com.fuxi.cloud.common.util;

import cn.hutool.crypto.SecureUtil;
import com.fuxi.cloud.common.expetion.JimuReportException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

import javax.servlet.http.HttpServletRequest;

/**
 * SqlInjectionUtil
 *
 * @Author: 扫地僧
 * @CreateTime: 2021-05-03
 */
public class SqlInjectionUtil {
    private static final Logger log = LoggerFactory.getLogger(SqlInjectionUtil.class);
    private static final String TABLE_DICT_SIGN_SALT = "20200501";
    private static final String xssStr = "'|and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+";

    public SqlInjectionUtil() {
    }

    public static void checkDictTableSign(String dictCode, String sign, HttpServletRequest request) {
        String var3 = request.getHeader("X-Access-Token");
        String var4 = dictCode + "20200501" + var3;
        String var5 = SecureUtil.md5(var4);
        if (!var5.equals(sign)) {
            log.error("表字典，SQL注入漏洞签名校验失败 ：" + sign + "!=" + var5 + ",dictCode=" + dictCode);
            throw new JimuReportException("无权限访问！");
        } else {
            log.debug(" 表字典，SQL注入漏洞签名校验成功！sign=" + sign + ",dictCode=" + dictCode);
        }
    }

    public static void filterContent(String value) {
        if (value != null && !"".equals(value)) {
            value = value.toLowerCase();
            String[] var1 = "'|and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+".split("\\|");

            for(int var2 = 0; var2 < var1.length; ++var2) {
                if (value.indexOf(var1[var2]) > -1) {
                    log.error("请注意，存在SQL注入关键词---> {}", var1[var2]);
                    log.error("请注意，值可能存在SQL注入风险!---> {}", value);
                    throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
                }
            }

        }
    }

    public static void filterContent(String[] values) {
        String[] var1 = "'|and |exec |insert |select |delete |update |drop |count |chr |mid |master |truncate |char |declare |;|or |+".split("\\|");
        String[] var2 = values;
        int var3 = values.length;

        for(int var4 = 0; var4 < var3; ++var4) {
            String var5 = var2[var4];
            if (var5 == null || "".equals(var5)) {
                return;
            }

            var5 = var5.toLowerCase();

            for(int var6 = 0; var6 < var1.length; ++var6) {
                if (var5.indexOf(var1[var6]) > -1) {
                    log.error("请注意，存在SQL注入关键词---> {}", var1[var6]);
                    log.error("请注意，值可能存在SQL注入风险!---> {}", var5);
                    throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + var5);
                }
            }
        }

    }

    /** @deprecated */
    @Deprecated
    public static void specialFilterContent(String value) {
        String var1 = " exec | insert | select | delete | update | drop | count | chr | mid | master | truncate | char | declare |;|+|";
        String[] var2 = var1.split("\\|");
        if (value != null && !"".equals(value)) {
            value = value.toLowerCase();

            for(int var3 = 0; var3 < var2.length; ++var3) {
                if (value.indexOf(var2[var3]) > -1 || value.startsWith(var2[var3].trim())) {
                    log.error("请注意，存在SQL注入关键词---> {}", var2[var3]);
                    log.error("请注意，值可能存在SQL注入风险!---> {}", value);
                    throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
                }
            }

        }
    }

    /** @deprecated */
    @Deprecated
    public static void specialFilterContentForOnlineReport(String value) {
        String var1 = " exec | insert | delete | update | drop | chr | mid | master | truncate | char | declare |";
        String[] var2 = var1.split("\\|");
        if (value != null && !"".equals(value)) {
            value = value.toLowerCase();

            for(int var3 = 0; var3 < var2.length; ++var3) {
                if (value.indexOf(var2[var3]) > -1 || value.startsWith(var2[var3].trim())) {
                    log.error("请注意，存在SQL注入关键词---> {}", var2[var3]);
                    log.error("请注意，值可能存在SQL注入风险!---> {}", value);
                    throw new RuntimeException("请注意，值可能存在SQL注入风险!--->" + value);
                }
            }

        }
    }
}
